use infra-role-open-ports, open metrics for metrics.hq

https://github.com/status-im/infra-hq/issues/69

Signed-off-by: Jakub Sokołowski <jakub@status.im>
Jakub Sokołowski 2021-08-12 17:05:29 +02:00
parent d96c254880
commit d19a71843f
No known key found for this signature in database
GPG Key ID: 4EF064D0E6D63020
2 changed files with 12 additions and 16 deletions


@ -13,6 +13,9 @@ galaxy_info:
- name: consul-service
src: git+git@github.com:status-im/infra-role-consul-service.git
scm: git
- name: open-ports
src: git+git@github.com:status-im/infra-role-open-ports.git
scm: git
- name: systemd-timer
src: git+git@github.com:status-im/infra-role-systemd-timer.git
scm: git
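Review bot: The new `open-ports` entry carries no `version:` key, so the role is installed from whatever the repository's default branch holds at install time. Because this role writes the host's firewall rules, pinning it to a tag or commit would make the resulting rule set reproducible and reviewable, for example by adding `version: <TAG_OR_COMMIT_PLACEHOLDER>` under its `scm: git` line. The neighbouring entries visible in this hunk are unpinned as well, so this may be a project-wide convention rather than an oversight in this change.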


@ -1,17 +1,10 @@
---
- name: 'Open ports'
iptables:
comment: '{{ beacon_node_service_name }} {{ rule.protocol }}'
action: insert
chain: INPUT
jump: ACCEPT
source: '0.0.0.0/0'
protocol: '{{ rule.protocol }}'
destination_port: '{{ rule.port }}'
with_items:
- { protocol: 'tcp', port: '{{ beacon_node_listening_port }}' }
- { protocol: 'udp', port: '{{ beacon_node_discovery_port }}' }
loop_control:
loop_var: rule
notify:
- Save iptables rules
- name: Open ports in iptables firewall
include_role: name=open-ports
vars:
open_ports_default_comment: '{{ beacon_node_service_name }}'
open_ports_default_chain: 'SERVICES'
open_ports_list:
- { port: '{{ beacon_node_listening_port }}', protocol: 'tcp' }
- { port: '{{ beacon_node_discovery_port }}', protocol: 'udp' }
- { port: '{{ beacon_node_metrics_port }}', chain: 'VPN', ipset: 'metrics.hq' }
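Review bot: The metrics entry on the last line omits `protocol`, unlike the two entries above it, so which protocol gets opened depends on a default inside the open-ports role that is not visible here; spelling it out as `- { port: '{{ beacon_node_metrics_port }}', protocol: 'tcp', chain: 'VPN', ipset: 'metrics.hq' }` (assuming the metrics endpoint is served over TCP) keeps the exposure readable from this file. That entry also presumably relies on the `VPN` chain and the `metrics.hq` ipset already existing on the host, which deserves a one-line comment above `open_ports_list`, such as `# metrics are reachable only from the metrics.hq ipset via the VPN chain`. The removed task inserted ACCEPT rules from `0.0.0.0/0` into `INPUT`, and nothing in the new task deletes them, so on already-provisioned hosts they would seem to persist until cleaned up separately. As a style point, `include_role: name=open-ports` would read better in block form, with `name: open-ports` on its own line.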